Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-946)

Medium Nessus Plugin ID 106691

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Reflected XSS in .phar 404 page

An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. (CVE-2018-5712)

Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c

The gd_gif_in.c file in the GD Graphics Library (aka libgd), as used in PHP, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. (CVE-2018-5711)